Educause Security Discussion mailing list archives
Re: Apple wifi implementation flaw
From: Roger A Safian <r-safian () NORTHWESTERN EDU>
Date: Thu, 29 Mar 2012 15:02:42 +0000
I don't want to get too far off track here, but, I am a little annoyed at what I view as the press presenting every computer security/privacy issue as "OMG the sky is falling...run for your lives". I'd really like to see a bit of moderation, and perhaps a reasonable assessment of the risk in these stories. It's that risk assessment piece where I think we can help. I'll pick a little on Brian, since he sent this out. Do we have any indication of widespread use of this technique? That's important for consumers, and should be mentioned, instead of the usual FUD. Oh, and in your Starbucks scenario, when you get to my house you'll find George Zimmerman is watching the place...he's got an itchy trigger finger. Just because I am out, does not mean the place is empty. Let's try to feed something other than FUD to the press. From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Brian Helman Sent: Thursday, March 29, 2012 9:45 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Apple wifi implementation flaw This exists in all Apple devices, not just iOS. I disagree, but not because I think it's a data security issue. I think it's a personal security issue. Think about it. You go into Starbucks and your iPhone/iPad broadcasts your home SSID. Someone sitting there grabs that information using FireSheep and cross-references against Google or WiGLE.net . Now they know your home address. And they know you're not there. -Brian From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU]<mailto:[mailto:SECURITY () LISTSERV EDUCAUSE EDU]> On Behalf Of Jeffrey Schiller Sent: Thursday, March 29, 2012 10:33 AM To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU> Subject: Re: [SECURITY] Apple wifi implementation flaw Let me take a wild guess here. I vaguely recall that when the iPhone first came out it caused meltdowns on several different networks. My guess is that this behavior may be a change that Apple made to mitigate the problem (which was likely with the network itself). By the time Android came on the scene, these networks had been fixed so the mitigation wasn't needed. However the behavior was already in the iOS code base and stayed there. Personally I don't believe this is a particularly big deal. There are much worse privacy problems around. -Jeff -- _______________________________________________________________________ Jeffrey I. Schiller Information Services and Technology Massachusetts Institute of Technology 77 Massachusetts Avenue Room E17-110A Cambridge, MA 02139-4307 617.253.0161 - Voice jis () mit edu<mailto:jis () mit edu> http://jis.qyv.name _______________________________________________________________________
Current thread:
- Apple wifi implementation flaw Brian Helman (Mar 29)
- Re: Apple wifi implementation flaw Jeffrey Schiller (Mar 29)
- Re: Apple wifi implementation flaw Brian Helman (Mar 29)
- Re: Apple wifi implementation flaw Roger A Safian (Mar 29)
- Re: Apple wifi implementation flaw Brian Helman (Mar 29)
- Re: Apple wifi implementation flaw Jeffrey Schiller (Mar 29)
- Re: Apple wifi implementation flaw Brian Helman (Mar 29)
- Re: Apple wifi implementation flaw Brian Helman (Mar 29)
- Re: Apple wifi implementation flaw Jeffrey Schiller (Mar 29)